Your Field Staff Are Your Biggest Mobile Risk
Electricians, plumbers, site supervisors, truck drivers, farm managers â field workers rely on mobile devices for job sheets, emails, photos, GPS, and communication. These devices access business email, client information, and internal systems from worksites, vehicles, and client premises. They are often the least protected devices in your organisation and the most likely to be lost, stolen, or compromised.
The Risks Are Real
A lost phone with saved business email credentials gives an attacker access to your email, contacts, SharePoint files, and potentially your entire Microsoft 365 environment. A device connected to an unsecured public Wi-Fi network can have its traffic intercepted. A phone without a screen lock is an open door to anyone who picks it up. An outdated operating system with known vulnerabilities is a target for malware.
For businesses in construction, trades, mining, and agriculture, these risks are amplified. Devices are used in harsh environments, are more likely to be lost or damaged, and field workers may be less aware of mobile security practices than office-based staff.
Mobile Device Management
Microsoft Intune (included in Microsoft 365 Business Premium) allows you to manage and secure mobile devices that access business data. For company-owned devices, you get full device management â enforce encryption, require screen locks, push security policies, remotely wipe a lost device, and control which applications can be installed.
For personal devices (BYOD), Intune’s Mobile Application Management (MAM) protects business data without managing the entire device. Business apps like Outlook and Teams are containerised â business data within these apps is encrypted, cannot be copied to personal apps, and can be remotely wiped without affecting personal photos, messages, or apps.
Essential Mobile Security Policies
Screen lock required: Minimum six-digit PIN or biometric authentication. A device without a screen lock is an unprotected device.
Encryption enabled: Both iOS and Android support full device encryption. Ensure it is mandatory through your management policy.
Remote wipe capability: The ability to remotely erase business data (or the entire device, for company-owned) when a device is lost or an employee leaves the business.
Operating system updates: Require devices to run a supported, current operating system. Devices running outdated software should be blocked from accessing business resources until updated.
App protection: Prevent business data from being copied, saved, or shared to personal applications. Block screenshots of business apps if handling sensitive information.
Practical Considerations for Field Workers
Security policies need to be practical for people who use their phones with dirty hands, in bright sunlight, and while standing on a worksite. Biometric unlock (fingerprint or face) is more practical than typing a PIN with gloves on. Rugged cases and screen protectors reduce the physical damage that leads to device replacements. Offline access to key documents and job sheets reduces the need to connect to untrusted networks. Automatic cloud backup of photos ensures worksite documentation is not lost with a damaged device.
Lost Device Procedures
Every business should have a clear procedure for lost or stolen devices. Staff should know who to contact immediately (their manager and IT support). The device should be remotely located if possible, locked immediately, and wiped if recovery is not likely. Passwords for any accounts accessed on the device should be changed. The faster you act, the smaller the window for data exposure.
Public Wi-Fi
Field workers often connect to Wi-Fi at client sites, cafes, and other locations. Unsecured Wi-Fi networks can expose data in transit. The simplest mitigation is to use mobile data (4G/5G) rather than public Wi-Fi for business tasks. If Wi-Fi is necessary, ensure a VPN is configured and active, or rely on the encryption built into business applications like Outlook and Teams.
Secure Your Mobile Workforce
If your field workers access business email and data on mobile devices without security policies, you have an uncontrolled risk. Contact TechAssist to implement mobile device management for your workforce.
